Re: Permissions (EVERYONE POST TO THIS)

From: Karl Levinson [x y] mvp (jamescagney90210@excite.com)
Date: 01/07/03 

From: "Karl Levinson [x y] mvp" <jamescagney90210@excite.com>
Date: Mon, 6 Jan 2003 21:38:17 -0500

"Compent administrator" is the key word. You have to realize that a lot of
environments don't have this.

I still think you are only considering corporate environments over 50
workstations where there is someone on staff who knows how to do all this
properly, as well as large corporations and government sites that also don't
have the talent to commit. The ideal solution is not always the best one in
the real world. For example, back in the day, F-prot used to be my
preferred antivirus for my own use, but other antiviruses were easier to
support in a large corporate environment, so we used those instead.

"Benoit Boudeville" <bboudev-NOSPAM@club-internet.fr> wrote in message
news:3E179CF7.4060300@club-internet.fr...
>
> I must agree with Paul ^^
> GPO are very helpful to provide admins with enough granularity on
> filesystem & registry perms.
>
>
>
> Paul A. Mancuso wrote:
> > Support several networks, and the only headaches are the systems that
allow
> > Administrator access. Totally disagree. In NT 4.0 workstations I could
see
> > something to your argument, but in Win2k, there is no excuse for
allowing
> > everyone Admin rights to their desktop for competant administrators.
> >
> > Paul A. Mancuso
> >
> > "Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote in message
> > news:OsQGkX3sCHA.1628@TK2MSFTNGP10...
> >
> >>"Eric M" <eric_magidson@hotmail.com> wrote in message
> >>news:069c01c2b361$19363de0$8ef82ecf@TK2MSFTNGXA04...
> >>
> >>>I am involved with a user group for a market specific
> >>>application and we are currently discussing why not to set
> >>>up users with administrative rights. Can you beleive how
> >>>many people find this an acceptable practice?
> >>>
> >>>I am a Network administrator and would never consider this
> >>>an option. What are your opinions? REPLY AND REPLY
> >>>OFTEN. I feel this is a huge exposure that needs to be
> >>>addressed.
> >>
> >>I disagree. This should be an option. You are right that no software
> >>should force you to log in as administrator or system to run it. [This
> >>include services like IIS, which are pretty difficult to get to run
unless
> >>they start as System, so that hackers running remote buffer overflow
> >>exploits gain system-equivalent privileges. It would be great if this
> >
> > would
> >
> >>change.]
> >>
> >>But for workstations, revoking Administrator privileges is a big
headache,
> >>especially for home users... and if your intention is to prevent worms
and
> >>trojans and viruses from running, logging in as a non-administrator just
> >>isn't going to be very effective in that regard. For me, the benefits
> >>usually aren't worth the headache, unless you work in a very secure
> >>environment. To me there are way many more security issues that go
> >>unaddressed that should be addressed first, such as insecure default
> >>installs, Microsoft scripting technologies like VB and WSH being forced
on
> >>your PC by Windows and IE and MS Office with no way to disable them,
> >>widespread lack of antivirus and firewall, etc.
> >>
> >>In other words, IMHO logging in as administrator should be a choice for
> >
> > the
> >
> >>user and administrator, but not a requirement from the software vendor.
> >>Logging in as a non-administrator is really only a viable option today
for
> >>expert home users and companies that are prepared to make an extra
> >>commitment of time and effort to fix the problems that doing this
causes.
> >>
> >>
> >>
> >>
> >
> >
> >
> 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.435 / Virus Database: 244 - Release Date: 12/30/2002

Relevant Pages

  • Re: renamed mdb > dat > email with hotmail > now I cant open it
    ... david epsom dot com dot au wrote: ... you only saw that message because you were an administrator ... In corporate environments where the users are not ... Prev by Date: ...
    (microsoft.public.access.security)
  • Re: Permissions (EVERYONE POST TO THIS)
    ... Administrator access. ... Totally disagree. ... > But for workstations, revoking Administrator privileges is a big headache, ...
    (microsoft.public.win2000.security)
  • Re: Permissions (EVERYONE POST TO THIS)
    ... Totally disagree. ... >>> I am a Network administrator and would never consider ... >> But for workstations, revoking Administrator privileges ... is a big headache, ...
    (microsoft.public.win2000.security)
  • Re: Finally finished SBS Install, not a config question...
    ... kill the user and re-create them and they were added to the ... small of an environment and I'll have headache after headache if I ... "administrator" level on their machines, but I don't really want them ... modify the policy templates or take a look at the power user template ...
    (microsoft.public.windows.server.sbs)